Monday, January 25, 2016

Most stolen passwords of 2015 are...

Every year, SplashData reveals a list of the most popular stolen passwords over the past twelve months, and every time it’s hard to believe the bone-headed passwords people continue to use. As the data shows, they’re not so much passwords as they are common words and numerical sequences that a five-year-old could guess. Who in their right mind thinks “123456” is a safe password to use? That, by the way, ranks at number one on SplashData’s list.

Even with sophisticated software, biometrics, and two-factor authentication, people continue to make a hacker’s job easy by using passwords like “password” and “qwerty” and “1234.” Do services today even allow people to use passwords like these? Sites typically require users to create a password that uses uppercase, lowercase and symbols, with a meter that estimates how strong a password is. The passwords on the list below would no doubt fall on the “weak” side, so why do people continue to use them?

While “dragon” might make for a cool nickname in Step Brothers, it obviously doesn’t make for a very good password. Neither do animals, sports, or movies. Also, using the word “welcome” seems like it’s just courting danger.

Below is the full list:

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

What’s crazy is that the list revealed by SplashData is largely unchanged from last year. For the love of all that is holy, “letmein” is not a password you should be using to protect your sensitive information. Not now, not ever.
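Every entry in the list above falls into one of a handful of structural patterns, which is what a sign-up form can check for before accepting a password. The sketch below is an added example, not code from SplashData or the original post; the keyboard runs assume a US QWERTY layout, and the word set and substitution table are constructed for illustration.

```python
import re
from collections import Counter

# The 25 entries from the list in the post.
TOP25 = ("123456 password 12345678 qwerty 12345 123456789 football 1234 "
         "1234567 baseball welcome 1234567890 abc123 111111 1qaz2wsx dragon "
         "master monkey letmein login princess qwertyuiop solo passw0rd "
         "starwars").split()

# Assumptions: US QWERTY rows and columns, digits and the alphabet as "runs".
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "1qaz2wsx3edc4rfv", "abcdefghijklmnopqrstuvwxyz"]
# Constructed word set taken from the list itself; a real deployment would
# load a far larger blocklist of leaked passwords and dictionary words.
WORDS = {w for w in TOP25 if w.isalpha()}
# Constructed table of common character substitutions (0 -> o, @ -> a, ...).
LEET = str.maketrans("0134578@$", "oleastbas")

def in_run(s):
    """True if s is a slice of a keyboard/sequence run, forwards or reversed."""
    return any(s in r or s in r[::-1] for r in RUNS)

def classify(password):
    """Return the weak pattern a password matches, or None if none applies."""
    p = password.lower()
    if len(set(p)) == 1:
        return "repeated character"
    if in_run(p):
        return "keyboard or sequence run"
    # Split into letter and digit chunks, e.g. abc123 -> ["abc", "123"].
    parts = re.findall(r"[a-z]+|[0-9]+", p)
    if "".join(parts) == p and all(in_run(x) for x in parts):
        return "concatenated runs"
    if p in WORDS:
        return "common word"
    if p.translate(LEET) in WORDS:
        return "common word with substitutions"
    return None

def summarize(passwords=TOP25):
    """Count how many passwords fall into each pattern."""
    return Counter(classify(p) for p in passwords)

if __name__ == "__main__":
    for pattern, count in summarize().most_common():
        print(f"{count:2d}  {pattern}")
```

Because the check lowercases and undoes substitutions before comparing, a variant such as "P@ssw0rd" is flagged even though it contains uppercase, lowercase and a symbol.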